Options -Indexes
Options +FollowSymLinks
#
#Password protection
#
AuthName "Who's your daddy?"
AuthType Basic
AuthUserFile /path-to-password-file/
AuthGroupFile /dev/null
<Files admin.php>
require valid-user
</Files>
#
# Mod_security can interfere with uploading of content such as attachments. If you
# cannot attach files, remove the "#" from the lines below.
#<IfModule mod_security.c>
# SecFilterEngine Off
# SecFilterScanPOST Off
#</IfModule>
Options FollowSymLinks
ErrorDocument 401 http://www.amazon.com/?_encoding=UTF8&camp=213733&creative=393193&linkCode=shr&tag=socialuncens-20
ErrorDocument 403 http://www.amazon.com/?_encoding=UTF8&camp=213733&creative=393193&linkCode=shr&tag=socialuncens-20
ErrorDocument 404 http://www.sociallyuncensored.eu/forums/
ErrorDocument 500 default
<IfModule mod_rewrite.c>
RewriteEngine On
RedirectMatch 301 401.shtml http://www.amazon.com/?_encoding=UTF8&camp=213733&creative=393193&linkCode=shr&tag=socialuncens-20
RedirectMatch 301 403.shtml http://www.amazon.com/?_encoding=UTF8&camp=213733&creative=393193&linkCode=shr&tag=socialuncens-20
RedirectMatch 301 404.shtml http://www.sociallyuncensored.eu/forums/
RewriteCond %{HTTP_HOST} !^www\.sociallyuncensored\.eu$
RewriteRule ^(.*)$ http://www.sociallyuncensored.eu/?$1 [R=301,L]
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?sociallyuncensored\. [NC]
RewriteCond %{HTTP_REFERER} !^http(s)?://(cdn\.)?sociallyuncensored.com [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?google\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?bing\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?yahoo\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?duckduckgo\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?xenforo\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?twitter\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?facebook\. [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+\.)?amazon\. [NC]
RewriteCond %{HTTP_REFERER} !search\?q=cache [NC]
RewriteRule \.(jpg|jpeg|png|gif|svg|css|js|pdf|zip)$ http://www.sociallyuncensored.eu/hotlink.jpg [NC,R,L]
# If you are having problems with the rewrite rules, remove the "#" from the
# line that begins "RewriteBase" below. You will also have to change the path
# of the rewrite to reflect the path to your XenForo installation.
#RewriteBase /xenforo
# This line may be needed to enable WebDAV editing with PHP as a CGI.
#RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^(data/|js/|styles/|install/|favicon\.ico|crossdomain\.xml|robots\.txt) - [NC,L]
RewriteRule ^.*$ index.php [NC,L]
# 5G BLACKLIST/FIREWALL (2013)
# @ http://perishablepress.com/5g-blacklist-2013/
RewriteCond %{QUERY_STRING} (\"|%22).*(<|>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (javascript:).*(\;) [NC,OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3) [NC,OR]
RewriteCond %{QUERY_STRING} (\\|\.\./|`|=\'$|=%27$) [NC,OR]
RewriteCond %{QUERY_STRING} (\;|\'|\"|%22).*(union|select|insert|drop|update|md5|benchmark|or|and|if) [NC,OR]
RewriteCond %{QUERY_STRING} (base64_encode|localhost|mosconfig) [NC,OR]
RewriteCond %{QUERY_STRING} (boot\.ini|echo.*kae|etc/passwd) [NC,OR]
RewriteCond %{QUERY_STRING} (GLOBALS|REQUEST)(=|\[|%) [NC]
RewriteRule .* - [F]
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]
#My Block mySQL injects
RewriteCond %{QUERY_STRING} (;|<|>|’|”|\)|%0A|%0D|%22|%27|%3C|%3E|%00).*(/\*|union|select|insert|cast|set|declare|drop|update|md5|benchmark) [NC,OR]
RewriteCond %{QUERY_STRING} \.\./\.\. [OR]
RewriteCond %{QUERY_STRING} (localhost|loopback|127\.0\.0\.1) [NC,OR]
RewriteCond %{QUERY_STRING} \.[a-z0-9] [NC,OR]
RewriteCond %{QUERY_STRING} (<|>|’|%0A|%0D|%27|%3C|%3E|%00) [NC]
# Note: The final RewriteCond must NOT use the [OR] flag.
</IfModule>
# 5G:[USER AGENTS]
<IfModule mod_setenvif.c>
# SetEnvIfNoCase User-Agent ^$ keep_out
SetEnvIfNoCase User-Agent (\<|\>|\'|\$x0|\%0A|\%0D|\%27|\%3C|\%3E|\%00|\+select|\+union|\<) keep_out
SetEnvIfNoCase User-Agent (binlar|casper|checkprivacy|cmsworldmap|comodo|curious|diavol|doco) keep_out
SetEnvIfNoCase User-Agent (dotbot|feedfinder|flicky|ia_archiver|jakarta|kmccrew|libwww|nutch) keep_out
SetEnvIfNoCase User-Agent (planetwork|purebot|pycurl|skygrid|sucker|turnit|vikspid|zmeu|zune) keep_out
<limit GET POST PUT>
Order Allow,Deny
Allow from all
Deny from env=keep_out
</limit>
</IfModule>
# 5G:[REQUEST STRINGS]
<IfModule mod_alias.c>
RedirectMatch 403 (https?|ftp|php)\://
RedirectMatch 403 /(https?|ima|ucp)/
RedirectMatch 403 /(Permanent|Better)$
RedirectMatch 403 (\=\\\'|\=\\%27|/\\\'/?|\)\.css\()$
RedirectMatch 403 (\,|\)\+|/\,/|\{0\}|\(/\(|\.\.\.|\+\+\+|\||\\\"\\\")
RedirectMatch 403 \.(cgi|asp|aspx|cfg|dll|exe|jsp|mdb|sql|ini|rar)$
RedirectMatch 403 /(contac|fpw|install|pingserver|register)\.php$
RedirectMatch 403 (base64|crossdomain|localhost|wwwroot|e107\_)
RedirectMatch 403 (eval\(|\_vti\_|\(null\)|echo.*kae|config\.xml)
RedirectMatch 403 \.well\-known/host\-meta
RedirectMatch 403 /function\.array\-rand
RedirectMatch 403 \)\;\$\(this\)\.html\(
RedirectMatch 403 proc/self/environ
RedirectMatch 403 msnbot\.htm\)\.\_
RedirectMatch 403 /ref\.outcontrol
RedirectMatch 403 com\_cropimage
RedirectMatch 403 indonesia\.htm
RedirectMatch 403 \{\$itemURL\}
RedirectMatch 403 function\(\)
RedirectMatch 403 labels\.rdf
RedirectMatch 403 /playing.php
RedirectMatch 403 muieblackcat
</IfModule>
#Deny attempts to view the Htaccess file.
<Files "(.htaccess\^\.ht|~$|\.old$|\.OLD$|\.bak$|\.BAK$)">
Order allow,deny
Deny from all
</Files>
<limit GET POST PUT>
deny from 0.
deny from 10.0.0.0/8
deny from 172.16.0.0/12
deny from 192.168.0.0/16
deny from 169.254.0.0/16
#deny from softlayer.com
deny from 5.10.83.0/25
</limit>